Internet Archive is back online, but for how long?


After a long battle with hackers who launched a DDoS attack and breached the Internet Archive’s systems, the archive is finally back online, at least for now.

Reddit users began reporting on the r/internetarchive subreddit that the archive was back online just a day ago (October 24th, 2024).

Jason Scott, a freelance archivist for the Internet Archive, shared a post on X with the caption, “Guess who’s back, back again, archive’s back, tell a friend,” referencing the infamous Eminem track Without Me.

ADVERTISEMENT

According to a blog post from October 21st, 2024, the archive said that it’s still recovering from the cyberattacks, but the Internet Archive is back online in a read-only manner.

“Features like uploading, borrowing, reviewing items, interlibrary loan, and other services are not yet available.”

Scott posted a screenshot of how many user visited the Internet Archive just six hours ago (October 25th, 2024).

Many users on X and Reddit reported that the Internet Archive had been going offline then online again for several days.

Despite this, the Internet Archive seems to be up and running in a restricted manner, but users seem to suggest that it won’t take long for the archive to go offline again.

One user said, “Not sure how many “we’re backs” I got in me at this point,” and another person said, “It’s going to be going up and down and up and down over the course of God knows how long.”

ADVERTISEMENT

It’s unclear as to whether the Internet Archive will go back offline again and whether hackers will continue to wreak havoc on the digital library. But I’m sure we’ll find out soon enough.

What happened to the Internet Archive?

The Internet Archive is a nonprofit digital library sharing screenshots of websites and other digital artifacts.

The library was struck by a distributed denial of service (DDoS) attack that took various systems offline, including WayBack Machine, the largest digital archive of the World Wide Web, and Open Library

The attackers rendered the sites unusable while leaving a note on the website saying:

"Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!"

The acronym HIBP stands for ‘Have I Been Pwned,’ a site created by Troy Hunt that shows if your personal information has been compromised.

It turns out that this DDoS attack had turned into a massive data breach affecting over 31 million people, leaking user records, including email addresses, screen names, and encrypted passwords.

Hacking the archive’s email helpdesk

Following this, users who had tried to contact the digital library received an odd email claiming to be for the “Internet Archive Team.”

ADVERTISEMENT

Instead, hackers still had access to some of the archive’s internal tools.

The message the hackers sent reads:

“It’s dispiriting to see that even after being made of the breach two weeks ago, IA (Internet Archive) has still not done the due diligence of rotating many of the API keys that were exposed in their GitLab secrets.”

The message revealed that this included a Zendesk token with permission to access over 800,000 support tickets sent to the Internet Archive since 2018.

The unknown actor concludes by saying, “Whether you were asking a general question, or requesting the removal of your site from the Wayback Machine – your data is in the hands of some random guy. If not me, it’d be someone else.”

The archive said that it was “working around the clock across time zones” to bring its services back online.”